CVE-2026-21623 CRITICAL

CVE-2026-21623: Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Vendor Stackideas.com
Product EasyDiscuss extension for Joomla
Weakness CWE-79 · XSS
Published January 16, 2026
Last update January 16, 2026

CVSS base score

9.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla.

Explanation of Vulnerability in Simple Terms

02Summary

The EasyDiscuss extension for Joomla contains a cross-site scripting (XSS) vulnerability that allows authenticated users to inject malicious scripts. An attacker with low-level access can craft input that executes in other users' browsers when they view affected content. This can lead to session hijacking, credential theft, or unauthorized actions performed on behalf of victims.

What an attacker can do

03Attacker Capabilities

Inject and execute malicious JavaScript in other users' browsers to steal sessions, credentials, or perform actions as the victim.

Potential impact on your site

04Site Impact

Authenticated users can compromise other users' accounts and data; site reputation and user trust are at risk.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege Joomla account and the victim must view a page containing the attacker's malicious input.

Key dates

06Disclosure timeline

January 16, 2026 CVE published
January 16, 2026 Record updated

Related vulnerabilities

08Related CVE